WHAT IS CLAIMED IS:

1. A method in a data processing system for validating digital certificates,
comprising:

receiving an online certificate status protocol request associated with a digital 
certificate; 

creating a Lightweight Directory Access Protocol database query based on
the received request;

sending the Lightweight Directory Access Protocol database query to
determine whether the digital certificate is valid; and

receiving a database query result indicating whether the digital certificate is
valid.

2. The method of claim 1, further including sending an indication of
whether the digital certificate is valid based upon the received database query result.

3. The method of claim 1, wherein the data processing system has a
certificate authority and an associated database, and wherein the method further
comprises:

sending an indication of a new digital certificate from the certificate authority
to the database upon issuance of the new digital certificate;

receiving, by the database, from the certificate authority, an indication of the
new digital certificate; and

storing a database record reflecting an identity of the new digital certificate. 

4. The method of claim 1, wherein the data processing system has a
certificate authority and an associated database, and wherein the method further
comprises:

sending an indication of a revoked digital certificate from the certificate
authority to the database upon revocation of the revoked digital certificate;

receiving, by the database, from the certificate authority, the indication of
revocation of the revoked digital certificate; and

removing a database record of an identity of the revoked digital certificate.

5. A method in a data processing system for validating digital certificates, 
the data processing system having a certificate authority and an associated 
database, the method comprising: 

receiving, by a database, a Lightweight Directory Access Protocol query
based on an online certificate status protocol request indicating a requested digital
certificate;

searching the database for a database record reflecting an identity of the
requested digital certificate; and

returning an indication of the database record when the database record 
reflecting the requested digital certificate is found to indicate validity of the requested 
digital certificate, whereby the indication of the database record is returned without 
transmission of a certificate revocation list by the certificate authority. 

6. The method of claim 5, further comprising the step of:

sending an indication of a new digital certificate from the certificate authority
to the database upon issuance of the new digital certificate;

receiving, by the database from the certificate authority, an indication of the
new digital certificate upon issuance of the new digital certificate; and

storing a database record reflecting an identity of the new digital certificate. 

7. A method in a data processing system for validating digital certificates
without certification revocation lists, comprising:

receiving an online certificate status protocol request associated with a digital
certificate;

creating a database query based on the received request;

sending the database query to determine whether the digital certificate is
valid; and

receiving a database query result indicating whether the digital certificate is
valid.



8. The method of claim 7, wherein the database query is a Lightweight
Directory Access Protocol database query.

Attorney Docket No. 06502.0345

9. A method in a data processing system for validating digital certificates 
without certification revocation lists, the data processing system having a certificate
authority and an associated database, the method comprising: 

receiving, by the database, a query based on an online certificate status 
protocol request indicating a requested digital certificate; 

searching the database for a database record reflecting an identity of the 
requested digital certificate; and 

returning an indication of the database record when the database record
reflecting the requested digital certificate is found to indicate validity of the requested
digital certificate.

10. The method of claim 9, further comprising the step of:

sending an indication of the new digital certificate from the certificate authority
to the database upon issuance of the new digital certificate;

receiving, by the database from the certificate authority, an indication of a 
new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

11. The method of claim 9, wherein the received query is a Lightweight
Directory Access Protocol query.

12. A method in a data processing system for validating digital certificates
without certification revocation lists, the data processing system having a client, a
server, an OCSP responder, a database, and a certificate authority, the method
comprising:

sending a request from the client for a transaction, the request including a 
digital certificate identifying the client; 

receiving the client request by the server;

creating, by the server, an online certificate status protocol request based on 
the associated digital certificate identifying the client; 



sending the online certificate status protocol request by the server; 

receiving, by the OCSP responder, the online certificate status protocol 
request associated with the digital certificate; 

creating a Lightweight Directory Access Protocol database query based on
the received online certificate status protocol request;

sending the Lightweight Directory Access Protocol database query to the 
database to determine whether the digital certificate is valid, the database storing 
records of valid certificates of the certificate authority; 

searching the database for a database record identifying the digital certificate 
associated with the online certificate status protocol request; 

returning a LDAP database query result indicating whether the digital 
certificate is valid; and 

receiving the returned LDAP database query result.

13. A data processing system for answering online certificate status
requests without certificate revocation lists, comprising:

a memory having program instructions;

a processor configured to execute the program instructions to receive an
online certificate status protocol request associated with a digital certificate, create a
database query based on the received request, send the Lightweight Directory
Access Protocol database query to determine whether the digital certificate is valid,
and receive a Lightweight Directory Access Protocol database query result indicating
whether the digital certificate is valid.

14. A data processing system for answering online certificate status
requests without certificate revocation lists, comprising:

a first computer having:

a memory having program instructions;

a processor configured to execute the program instructions to receive
an online certificate status protocol request associated with a digital certificate,
create a database query based on the received request, send the database query to
determine whether the digital certificate is valid, and receive a database query result
indicating whether the digital certificate is valid; and

a second computer representing a directory server having:

a database storing database records indicating digital certificates;

a memory having program instructions;

a processor configured to execute the program instructions to receive,
from a certificate authority, an indication of a new digital certificate upon issuance of
the new digital certificate, store a database record reflecting an identity of the new
digital certificate, receive the database query based on the online certificate status
protocol request from the first computer, search the database for a database record
reflecting an identity of the requested digital certificate; and return an indication of
the database record to the first computer when the database record reflecting the
requested digital certificate is found to indicate validity of the requested digital
certificate.

15. The data processing system of claim 14, wherein the database query
is an LDAP query.

16. A data processing system for answering online certificate status 
requests without certificate revocation lists, comprising: 

a client computer configured to send a request for a transaction, the request
including a digital certificate identifying the client;

a server computer configured to receive the client request, create an online
certificate status protocol request based on the associated digital certificate
identifying the client, and send the online certificate status protocol request;

an OCSP responder configured to receive the online certificate status
protocol request associated with the digital certificate, create a Lightweight Directory
Access Protocol database query based on the received online certificate status
protocol request, and send the Lightweight Directory Access Protocol database
query to a database to determine whether the digital certificate is valid, the database
storing records of valid certificates of the certificate authority; and

a database configured to search for a database record identifying the digital
certificate associated with the online certificate status protocol request, return an
LDAP database query result indicating whether the digital certificate is valid.

17. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates
comprising the steps of:

receiving an online certificate status protocol request associated with a digital
certificate;

creating a Lightweight Directory Access Protocol database query based on
the received request;

sending the Lightweight Directory Access Protocol database query to
determine whether the digital certificate is valid; and

receiving a database query result indicating whether the digital certificate is
valid.

18. The computer-readable medium of claim 17, wherein the method
further comprises sending an indication of whether the digital certificate is valid
based upon the received database query result.

19. The computer-readable medium of claim 17, wherein the data
processing system has a certificate authority and an associated database, and
wherein the method further comprises:

sending an indication of a new digital certificate from the certificate authority
to the database upon issuance of the new digital certificate;

receiving, by the database, from the certificate authority, an indication of the
new digital certificate; and

storing a database record reflecting an identity of the new digital certificate. 



20. The computer-readable medium of claim 17, wherein the data
processing system has a certificate authority and an associated database, and
wherein the method further comprises:

sending an indication of a revoked digital certificate from the certificate
authority to the database upon revocation of the revoked digital certificate;

receiving, by the database, from the certificate authority, the indication of
revocation of the revoked digital certificate; and

removing a database record of an identity of the revoked digital certificate.

21. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates, the
data processing system having a certificate authority and an associated database,
the method comprising the steps of:

receiving, by a database, a Lightweight Directory Access Protocol query
based on an online certificate status protocol request indicating a requested digital
certificate;

searching the database for a database record reflecting an identity of the
requested digital certificate; and

returning an indication of the database record when the database record
reflecting the requested digital certificate is found to indicate validity of the requested
digital certificate, whereby the indication of the database record is returned without
transmission of a certificate revocation list by the certificate authority.

22. The computer-readable medium of claim 21, wherein the method
further comprises the steps of:

sending an indication of a new digital certificate from the certificate authority
to the database upon issuance of the new digital certificate;

receiving, by the database from the certificate authority, an indication of the
new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

23. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates without
certification revocation lists comprising the steps of:

receiving an online certificate status protocol request associated with a digital
certificate;

creating a database query based on the received request;

sending the database query to determine whether the digital certificate is
valid; and

receiving a database query result indicating whether the digital certificate is
valid.

24. The computer-readable medium of claim 23, wherein the database
query is a Lightweight Directory Access Protocol database query.

25. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates without
certification revocation lists, the data processing system having a certificate authority
and an associated database, the method comprising the steps of:

receiving, by the database, a query based on an online certificate status
protocol request indicating a requested digital certificate;

searching the database for a database record reflecting an identity of the
requested digital certificate; and

returning an indication of the database record when the database record 
reflecting the requested digital certificate is found to indicate validity of the requested 
digital certificate. 

26. The computer-readable medium of claim 25, wherein the method
further comprises the steps of:

sending an indication of the new digital certificate from the certificate authority
to the database upon issuance of the new digital certificate;

receiving, by the database from the certificate authority, an indication of a
new digital certificate upon issuance of the new digital certificate; and

storing a database record reflecting an identity of the new digital certificate.

27. The computer-readable medium of claim 25, wherein the received
query is a Lightweight Directory Access Protocol query.

28. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates without
certification revocation lists, the data processing system having a client, a server, an
OCSP responder, a database, and a certificate authority, the method comprising the
steps of:

sending a request from the client for a transaction, the request including a
digital certificate identifying the client;

receiving the client request by the server; 

creating, by the server, an online certificate status protocol request based on 
the associated digital certificate identifying the client; 

sending the online certificate status protocol request by the server; 

receiving, by the OCSP responder, the online certificate status protocol
request associated with the digital certificate;

creating a Lightweight Directory Access Protocol database query based on
the received online certificate status protocol request;

sending the Lightweight Directory Access Protocol database query to the
database to determine whether the digital certificate is valid, the database storing
records of valid certificates of the certificate authority;

searching the database for a database record identifying the digital certificate
associated with the online certificate status protocol request;

returning a LDAP database query result indicating whether the digital
certificate is valid; and

receiving the returned LDAP database query result.

29. A data processing system for validating digital certificates, comprising:

means for receiving an online certificate status protocol request associated
with a digital certificate;

means for creating a Lightweight Directory Access Protocol database query
based on the received request;

means for sending the Lightweight Directory Access Protocol database query
to determine whether the digital certificate is valid; and

means for receiving a database query result indicating whether the digital
certificate is valid.
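
The responder and directory roles recited in claims 1, 3, 4 and 12, sketched as an added illustration that is not taken from the patent: the attribute names, the in-memory stand-in for the directory and the status strings are assumptions. It shows the request-to-filter step with input validation, and that neither a missing record nor a directory outage is ever reported as valid.

```python
import re

# Hypothetical attribute names; the claims do not define a directory schema.
ATTR_ISSUER, ATTR_SERIAL = "issuerKeyHash", "certSerial"

def build_ldap_filter(issuer_key_hash: bytes, serial: int) -> str:
    """Turn the certificate identifier of an OCSP request into an LDAP filter."""
    if not isinstance(serial, int) or isinstance(serial, bool) or serial < 0:
        raise ValueError("serial number must be a non-negative integer")
    if not isinstance(issuer_key_hash, (bytes, bytearray)) or not issuer_key_hash:
        raise ValueError("issuer key hash must be non-empty bytes")
    # Hex and decimal digits contain no filter metacharacters, so request
    # data can never change the structure of the query.
    return f"(&({ATTR_ISSUER}={issuer_key_hash.hex()})({ATTR_SERIAL}={serial}))"

class ValidCertDirectory:
    """In-memory stand-in for the database of currently valid certificates."""
    def __init__(self):
        self._records = set()
        self.available = True

    def on_issue(self, issuer_key_hash: bytes, serial: int) -> None:
        # Certificate authority reports a newly issued certificate.
        self._records.add((issuer_key_hash.hex(), str(serial)))

    def on_revoke(self, issuer_key_hash: bytes, serial: int) -> None:
        # Certificate authority reports a revocation: the record is removed.
        self._records.discard((issuer_key_hash.hex(), str(serial)))

    def search(self, ldap_filter: str) -> bool:
        if not self.available:
            raise ConnectionError("directory unreachable")
        pattern = rf"\(&\({ATTR_ISSUER}=([0-9a-f]+)\)\({ATTR_SERIAL}=([0-9]+)\)\)"
        m = re.fullmatch(pattern, ldap_filter)
        if m is None:
            raise ValueError("unsupported filter")
        return (m.group(1), m.group(2)) in self._records

def ocsp_status(directory, issuer_key_hash: bytes, serial: int) -> str:
    """Responder logic: only a record that is found yields 'valid'."""
    try:
        found = directory.search(build_ldap_filter(issuer_key_hash, serial))
    except ConnectionError:
        return "error"  # fail closed: an outage must not read as valid
    return "valid" if found else "not valid"

# Constructed sample values, not real certificate data.
ISSUER = bytes.fromhex("a1b2c3d4")
directory = ValidCertDirectory()
directory.on_issue(ISSUER, 4097)
```

Because the directory holds only valid certificates, a "not valid" answer does not distinguish a revoked certificate from one that was never issued.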